Sciweavers

ACNS
2009
Springer

Fast Packet Classification Using Condition Factorization

14 years 4 months ago
Fast Packet Classification Using Condition Factorization
Abstract. Rule-based packet classification plays a central role in network intrusion detection systems such as Snort. To enhance performance, these rules are typically compiled into a matching automaton that can quickly identify the subset of rules that are applicable to a given network packet. The principal metrics in the design of such an automaton are its size and the time taken to match packets at runtime. Previous techniques for this problem either suffered from high space overheads (i.e., automata could be exponential in the number of rules), or matching time that increased quickly with the number of rules. In contrast, we present a new technique that constructs polynomial size automata. Moreover, we show that the matching time of our automata is insensitive to the number of rules. Our experimental results demonstrate substantial improvements in space requirements, as well the runtime of Snort.
Alok Tongaonkar, R. Sekar, Sreenaath Vasudevan
Added 12 Aug 2010
Updated 12 Aug 2010
Type Conference
Year 2009
Where ACNS
Authors Alok Tongaonkar, R. Sekar, Sreenaath Vasudevan
Comments (0)